diff -r 582808b47653 -r 5d81ec164e5d src/do-refresh-auth
--- a/src/do-refresh-auth	Fri Mar 06 12:34:07 2009 +0000
+++ b/src/do-refresh-auth	Fri Mar 06 12:46:22 2009 +0000
@@ -9,15 +9,22 @@
 import sys
 import os
 import os.path
+import pwd
 import subprocess
-from mercurialserver import ruleset
+from mercurialserver import ruleset, paths
 
-if len(sys.argv) <= 3:
-    sys.stderr.write("refresh-auth: wrong number of arguments (%s)\n" % sys.argv)
+if len(sys.argv) != 1:
+    sys.stderr.write("refresh-auth: must be called with no arguments (%s)\n" % sys.argv)
     sys.exit(-1)
 
-akeyfile = sys.argv[1]
-wrappercommand = sys.argv[2]
+pentry = pwd.getpwuid(os.geteuid())
+if pentry.pw_name != "hg":
+    # FIXME: re-execute
+    print >>sys.stderr, "Must be run as the 'hg' user"
+
+akeyfile = pentry.pw_dir + "/.ssh/authorized_keys"
+wrappercommand = paths.getEtcPath() + "/hg-ssh-wrapper"
+keydirs = [paths.getEtcPath() + "/keys", pentry.pw_dir + "/repos/hgadmin/keys"]
 prefix='no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command='
 
 if os.path.exists(akeyfile):
@@ -30,7 +37,7 @@
         f.close()
 
 akeys = open(akeyfile + "_new", "w")
-for keyroot in sys.argv[3:]:
+for keyroot in keydirs:
     kr = keyroot + "/"
     #print "Processing keyroot", keyroot
     for root, dirs, files in os.walk(keyroot):